Here are my suggestions. If you’re okay with IP restrictions only, then iptables. If you don’t have *nix or root access, an Apache proxy server with Allow from <ip addr>. If you want really, really secure, an stunnel front-end that requires client certs that you install in your browsers. For us, we have a load balancer with VIPs that restrict access to the internal IP range of the building that houses IT, but not everyone has the luxury of hardware solutions.
From: Ryan W <rya...@gmail.com> Sent: Monday, March 16, 2020 10:20 AM To: solr-user@lucene.apache.org Subject: Re: How do *you* restrict access to Solr? WARNING: This email originated outside of Lands’ End. Please be on the lookout for phishing scams and do not open attachments or click links from people you do not know.. On Mon, Mar 16, 2020 at 10:50 AM David Hastings < hastings.recurs...@gmail.com<mailto:hastings.recurs...@gmail.com>> wrote: > Honestly? I know this isnt what youre going to want to hear, but security > through obscurity. no one else knows what port the servers on, and its not > accessible from anything outside of the internal network. That doesn't sound like security through obscurity, as long as you are confident that access to the internal network is limited... to whatever degree you require. I'd certainly be happy if I could restrict access based on IP. > if your solr > install can be accessed from an external IP you have much larger issues. > On Mon, Mar 16, 2020 at 10:44 AM Ryan W > <rya...@gmail.com<mailto:rya...@gmail.com>> wrote: > > > How do you, personally, do it? Do you use IPTables? Basic > Authentication > > Plugin? Something else? > > > > I'm asking in part so I'l have something to search for. I don't know > where > > I should begin, so I figured I would ask how others do it. > > > > I haven't been able to find anything that works, so if you can tell me > what > > works for you, I can at least narrow it down a bit and do some Google > > searches. Do I need to learn Solr's plugin system? Am I starting in the > > right place if I follow this document: > > > > > https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin<https://lucene.apache.org/solr/guide/7_0/rule-based-authorization-plugin.html#rule-based-authorization-plugin> > > > > Initially, the above document seems far too comprehensive for my needs. > I > > just want to block access to the Solr admin UI, and the list of > predefined > > permissions in that document don't seem to be relevant. Also, it seems > > unlikely this plugin system is necessary just to control access to the > > admin UI... or maybe it necessary? > > > > In any case, what is your approach? > > > > I'm using version 7.7.2 of Solr. > > > > Thanks! > > >
